TweakTown NewsRefine News by Category:
The Communications Security Establishment Canada, the NSA-like department north of the border, launched a trial program to monitor unsuspecting travelers using Wi-Fi in Canadian airports. The collected metadata provided Canadian authorities with a glimpse of user Internet browsing habits, friendships, political affiliation, and other private information.
The leaked document indicated the "federal intelligence agency was then able to track the travelers for a week or more as they - and their wireless devices - showed up in other Wi-Fi 'hot spots' in cities" throughout Canada and in some U.S. airports. More alarming, the Canadian authorities could track travelers within its own borders at hotels, coffee shops, restaurants, train stations, and other public locations while they remained in the country.
The disclosure came from former NSA contractor Edward Snowden, after he accused mainly the NSA for wide-scale spying of U.S. citizens, foreign residents, and political leaders of other governments. Most of Snowden's spying revelations focused on the actions of the NSA, but Canada, England, and other nations also have used newer technologies to conduct surveillance.
A couple of days ago we reported that the NSA uses insecure mobile apps to grab users' data, with Angry Birds mentioned, now Rovio, the developer of the smash hit game, is coming to its defense.
Rovio said that it "does not share data, collaborate or collude with any government spy agencies". Rovio insisted "Our fans' trust is the most important thing for us and we take privacy extremely seriously. We do not collaborate, collude, or share data with spy agencies anywhere in the world".
Rovio is coming out and putting its foot down that it does not cooperate with spy agencies, and that if Angry Birds gets mentioned as one of these potential information vacuums, that it's only because it's such a large title. Rovio continued "The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance".
During Edward Snowden's sit down with German TV station NDR, he had quite a few things to say. One of these was asking the question, "if I am a traitor, who did I betray?"
He says "I gave all of my information to the American public, to American journalists who are reporting on American issues. If they see that as treason I think people really need to consider who do they think they're working for. The public is supposed to be their boss, not their enemy".
Anything you do electronically, whether you're buying bombs, or coffee, is tracked - for no reason other than the government wanting all data, 24/7. As he said "the public is supposed to be their [the government] boss, not their enemy".
The top two most common passwords in 2013 were "123456" and "Password," much to the dismay of security experts begging users to create more sophisticated passwords. The full list of passwords was compiled by SplashData and included stolen passwords that were posted online over the past 12 months.
The top five worst passwords:
Security experts also discourage using a password based on a website or application used, such as "adobe123" and "photoshop" - and many online services require passwords to be a certain length, include at least one capitalized letter, and a number or character. Furthermore, SplashData recommends using random words separate by a space or underscore, along with using different passwords for each online account.
Current cryptography encryption is still giving the National Security Agency (NSA) fits, providing Internet users with an extra layer of protection from government snooping, according to a well-known security researcher.
Bruce Schneier, author and security blogger, said the U.S. government is on a "quixotic mission" to collect as much information as possible, including online chats, instant messages, e-mails, and forum postings - and it's uncertain what current procedures are more secure. It's up to users to help develop an Internet that is secure for all users, rather than a system that is open and vulnerable from government snooping - and cyber criminals trying to compromise information.
The large amount of information collected by the NSA - against regular Internet users and foreign government leaders - has left people across the world angry.
The White House has announced that President Obama will on Friday, announce plans for NSA reform. Obama is expected to leverage a mix of executive orders and actions that will fundamentally change the way the NSA can gather information. One of the biggest actions that will be put into motion is the extension of privacy rights to non American citizens.
Other actions include the creation of a so-called "Privacy Advocate" which will argue on the peoples behalf in front of the Foreign Intelligence Surveillance Court, which now only hears arguments for spying on behalf of the government. Obama is also expected to call for a complete restructuring of the phone-data program, and will state that data collected should be held by phone companies or a third party as to offer a barrier from unwarranted access to private files.
Personally, I caution everyone to remember that most of this is still smoke and mirrors, and true reform would involve ceasing any and all collection of information on American citizens without a court order. Furthermore, Obama would have never acted to reform these policies if it would not have been for Edward Snowden and his very loud whistle blowing. While this may seem like a small victory, more work will need to be done before the NSA can truly be given the title of "reformed."
The Target data breach that affected more than 70 million customers was caused by malware unknowingly installed on point-of-sale (POS) machines at the company's retail stores. It's unknown how the malware infected the cash registers, and was safely removed within hours of being discovered - but the damage was clearly done.
"Clearly we are accountable and we are responsible - but we are going to come out at the end of this a better company and we are going to make significant changes," said Gregg Steinhafel, Target CEO, during a recent interview with journalists.
Target, Neiman Marcus, and other companies need to become more proactive in their efforts to prevent attacks targeting in-store POS systems. Cyber criminal groups are constantly on the prowl for security vulnerabilities they can target while stealing information and POS malware is a tactic that yields a large amount of information before being detected.
Last month, US retail giant Target was hit with a data breach that saw 40 million customers' private data leaked. The retailer suffered through the threat, and still felt a backlash after it happened - which is expected. In the end, the amount of consumers' data leaked blew out to over 70 million.
But what wasn't expected, is Reuters now reporting that it looks like at least three other major US retailers suffered data breaches "using similar techniques" that hit Target. Reuters hasn't unveiled the names of these businesses, but did state they are "well-known US retailers" that do business in shopping malls.
Target has since announced its sales have possibly dropped around 2.5% versus the year previous due to the breach, so you can't be surprised if these other companies are holding their cards close to their chest.
Skype user information was not at risk after the Syrian Electronic Army hacker group compromised Skype social media accounts. Microsoft-owned Skype was targeted following leaks from former NSA analyst Edward Snowden, claiming the software company freely gave access so the government could easily snoop on users.
Microsoft confirmed the targeted cyber attack, but said "credentials were quickly reset" before any harm could be done. These types of data breaches are becoming more common, with companies and cyber criminals understanding how important stolen personal information can be.
According to security researcher Jason Appelbaum, and German news magazine Der Spiegel, the NSA has the ability to spy on virtually every iPhone, and users' digital communication sent from said iPhone.
The NSA reportedly has a program called DROPOUTJEEP, which allows the US spy agency to intercept most things - including SMS messages, contact lists, the physical location of the iPhone (and its user) through cell phone data, and even the ability to access the iPhone's microphone, and camera. Leaked documents have helped put the picture together, with the NSA claiming a 100% success rate when it comes to getting spyware into iOS-based devices.
Then comes the scary part: that the NSA requires physical access to the device, which the US spy agency reportedly reroutes shipments of iPhone's purchased online, but it is also working on a remote version, which is even worse. Appelbaum says: "Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves."
He finishes with something quite scary: "Do you think Apple helped them with that? I hope Apple will clarify that."